Litcius/Paper detail

Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams

Hannes Salin, Martin Lundgren

2022Journal of Cybersecurity and Privacy14 citationsDOIOpen Access PDF

Abstract

In this study, a framework was developed, based on a literature review, to help managers incorporate cybersecurity risk management in agile development projects. The literature review used predefined codes that were developed by extending previously defined challenges in the literature—for developing secure software in agile projects—to include aspects of agile cybersecurity risk management. Five steps were identified based on the insights gained from how the reviewed literature has addressed each of the challenges: (1) risk collection; (2) risk refinement; (3) risk mitigation; (4) knowledge transfer; and (5) escalation. To assess the appropriateness of the identified steps, and to determine their inclusion or exclusion in the framework, a survey was submitted to 145 software developers using a four-point Likert scale to measure the attitudes towards each step. The resulting framework presented herein serves as a starting point to help managers and developers structure their agile projects in terms of cybersecurity risk management, supporting less overloaded agile processes, stakeholder insights on relevant risks, and increased security assurance.

Topics & Concepts

Agile software developmentRisk managementAgile usability engineeringAgile Unified ProcessStakeholderLean software developmentComputer scienceLikert scaleProcess managementKnowledge managementEngineering managementComputer securityRisk analysis (engineering)EngineeringSoftwareSoftware developmentSoftware development processSoftware engineeringBusinessManagementMathematicsFinanceStatisticsEconomicsProgramming languageSoftware Engineering Techniques and PracticesInformation and Cyber SecuritySoftware Engineering Research
Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams | Litcius